<?php
if(!isset($_SESSION)){session_start();};
require('main.php');

if($_POST['doLogin']){
	$username = $_POST['uname'];
	$password = $_POST['pwd'];
	
	$db->connectdb(DB_NAME,DB_USERNAME,DB_PASSWORD);

	$user_query = $db->select_query("SELECT * FROM administrators WHERE username = '".$username."' AND password = '".md5($password)."'");
	
	if($db->rows($user_query)){
		$user_rs = $db->fetch($user_query);
		$_SESSION['username'] = $user_rs['username'];
		$_SESSION['doLogin']['user'] = true;
		$_SESSION['level'] = $user_rs['alias'];
		echo '{"status":"1"}';
	}else{
		echo '{"status":"0"}';
	}
	
	$db->closedb();
}
//=========================== show_members.php =============================================
if($_POST['change_level']){
	$value = $_POST['l'];
	$user = $_POST['user'];
	if(mysql_query('UPDATE members SET userlevel ='.$value.' WHERE username ="'.$user.'"')){
		echo '{"status":1}';
	}else{
		echo '{"status":0}';
	}
}

if($_POST['change_status']){
	$value = $_POST['l'];
	$user = $_POST['user'];
	if(mysql_query('UPDATE members SET status ='.$value.' WHERE username ="'.$user.'"')){
		echo '{"status":1}';
	}else{
		echo '{"status":0}';
	}
}

if($_POST['deleteuser']){
	$user = $_POST['user'];
	if(mysql_query('DELETE FROM members WHERE username ="'.$user.'"')){
		echo '{"status":1}';
	}else{
		echo '{"status":0}';
	}
}

//========================  ads.php ==========================================
if($_POST['change_ads_status']){
	$value = $_POST['l'];
	$id = $_POST['id'];
	$order_ads_id = $_POST['order_ads_id'];
	if(mysql_query('UPDATE advertise SET ads_status ='.$value.' WHERE id ="'.$id.'"')){
		if($value==1){
			mysql_query('UPDATE order_ads SET status=2 WHERE ads_id="'.$order_ads_id.'"');
		}elseif($value==2){
			mysql_query('UPDATE order_ads SET status=3 WHERE ads_id="'.$order_ads_id.'"');
		}else{
			mysql_query('UPDATE order_ads SET status=0 WHERE ads_id="'.$order_ads_id.'"');
		}
		echo '{"status":1}';
	}else{
		echo '{"status":0}';
	}	
}

if($_POST['change_ads_period']){
	$value = $_POST['l'];
	$id = $_POST['id'];
	if(mysql_query('UPDATE advertise SET ads_period ='.$value.' WHERE id ="'.$id.'"')){
		echo '{"status":1}';
	}else{
		echo '{"status":0}';
	}	
}

if($_POST['deleteads']){
	$id = $_POST['id'];
	
	$get_ads = mysql_query('SELECT id,pid FROM advertise WHERE id="'.$id.'"');
	$get_ads_rs = mysql_fetch_assoc($get_ads);
	$pid = $get_ads_rs['pid'];
	
	$order_ads_id = $get_ads_rs['id'].'#'.$get_ads_rs['pid'];
	$get_order = mysql_query('SELECT invoice FROM order_ads WHERE ads_id="'.$order_ads_id.'"');
	$get_order_rs = mysql_fetch_assoc($get_order);
	$invoice_id = $get_order_rs['invoice'];
	
	$img = mysql_query('SELECT * FROM products_img WHERE pid="'.$pid.'"');
	while($img_name = mysql_fetch_assoc($img)){
		if($img_name['img1']!=""){
			unlink('../uploads/'.$img_name['img1']);
		}
		if($img_name['img2']!=""){
			unlink('../uploads/'.$img_name['img2']);
		}
		if($img_name['img3']!=""){
			unlink('../uploads/'.$img_name['img3']);
		}
		if($img_name['img4']!=""){
			unlink('../uploads/'.$img_name['img4']);
		}
		if($img_name['img5']!=""){
			unlink('../uploads/'.$img_name['img5']);
		}
		if($img_name['img6']!=""){
			unlink('../uploads/'.$img_name['img6']);
		}		
	}
	
	if(mysql_query('DELETE FROM advertise WHERE id ="'.$id.'"')){
		mysql_query('DELETE FROM products WHERE pid="'.$pid.'"')or die(mysql_error());
		mysql_query('DELETE FROM products_img WHERE pid="'.$pid.'"');
		mysql_query('DELETE FROM order_ads WHERE ads_id="'.$order_ads_id.'"');
		mysql_query('DELETE FROM order_confirm WHERE invoice="'.$invoice_id.'"');
		echo '{"status":1}';
	}else{
		echo '{"status":0}';
	}
}

//========================  banners.php ==========================================
if($_POST['change_banner_status']){
	$value = $_POST['l'];
	$id = $_POST['id'];
	if(mysql_query('UPDATE banners SET active ='.$value.' WHERE banner_id ="'.$id.'"')){
		if($value==1){
			mysql_query('UPDATE order_ads SET status=2 WHERE ads_id="'.$id.'"');
		}elseif($value==2){
			mysql_query('UPDATE order_ads SET status=3 WHERE ads_id="'.$id.'"');
		}else{
			mysql_query('UPDATE order_ads SET status=0 WHERE ads_id="'.$id.'"');
		}
		echo '{"status":1}';
	}else{
		echo '{"status":0}';
	}	
}

if($_POST['change_banner_period']){
	$value = $_POST['l'];
	$id = $_POST['id'];
	if(mysql_query('UPDATE banners SET period ='.$value.' WHERE banner_id ="'.$id.'"')){
		echo '{"status":1}';
	}else{
		echo '{"status":0}';
	}	
}

if($_POST['delete_banner']){
	$id = $_POST['id'];
	$sql = 'SELECT image FROM banners WHERE banner_id ="'.$id.'"';
	$q 	= mysql_query($sql)or die(mysql_error());
	$rs	= mysql_fetch_assoc($q);

	$get_order = mysql_query('SELECT invoice FROM order_ads WHERE ads_id="'.id.'"');
	$get_order_rs = mysql_fetch_assoc($get_order);
	$invoice_id = $get_order_rs['invoice'];
	
	if(unlink('../uploads/'.$rs['image']) && mysql_query('DELETE FROM banners WHERE banner_id ="'.$id.'"')){
		mysql_query('DELETE FROM order_ads WHERE ads_id="'.$id.'"');
		mysql_query('DELETE FROM order_confirm WHERE invoice="'.$invoice_id.'"');
		echo '{"status":1}';
	}else{
		echo '{"status":0}';
	}
}

if($_POST['ppc_manage']){
	$value = $_POST['l'];
	$id = $_POST['id'];
	$field = $_POST['field'];
	if($field == 'status' && mysql_query('UPDATE adsense_bumq SET active='.$value.' WHERE id ='.$id)){
		echo '{"status":1}';
	}elseif($field == 'ads_from' && mysql_query('UPDATE adsense_bumq SET code_from="'.$value.'" WHERE id ='.$id)){
		echo '{"status":1}';
	}else{
		echo '{"status":0}';
	}
}

//========================  bank/add_bank.php ==========================================
if($_POST['upload_bank_img']){
	$name	= $_POST['name'];
	$branch	= $_POST['branch'];
	$account_name	= $_POST['account_name'];
	$account_id		= $_POST['account_id'];
	$logo	= $_SESSION['bank_img'];

	if(mysql_query('INSERT INTO banks(name,account_id,account_name,branch,logo) VALUES("'.$name.'","'.$account_id.'","'.$account_name.'","'.$branch.'","'.$logo.'")')){
		unset($_SESSION['bank_img']);
		echo '{"status":1}';
	}else{
		echo '{"status":0}';
	}
	
}
if($_POST['update_bank_img']){
	$id		= $_POST['bid'];
	$name	= $_POST['name'];
	$branch	= $_POST['branch'];
	$account_name	= $_POST['account_name'];
	$account_id		= $_POST['account_id'];
	$logo	= $_SESSION['bank_img'];
	$sql = 'UPDATE banks SET name="'.$name.'",account_id="'.$account_id.'",account_name="'.$account_name.'",branch="'.$branch.'",logo="'.$logo.'" WHERE id='.$id;
	
	if(mysql_query($sql)){
		unset($_SESSION['bank_img']);
		echo '{"status":1}';
	}else{
		echo '{"status":0}';
	}
	
}
if($_POST['delbank']){
	$bank_id = $_POST['id'];
	$sql = 'SELECT logo FROM banks WHERE id ='.$bank_id;
	$q 	= mysql_query($sql)or die(mysql_error());
	$rs	= mysql_fetch_assoc($q);
	
	if(unlink('../styles/images/bank_images/'.$rs['logo']) && mysql_query('DELETE FROM banks WHERE id='.$bank_id)){
		echo '{"status":1}';
	}else{
		echo '{"status":0}';
	}
	
}


//========================  post/all.php ==========================================
if($_POST['upload_cat_img']){
	$name	= $_POST['name'];
	$branch	= $_POST['branch'];
	$account_name	= $_POST['account_name'];
	$account_id		= $_POST['account_id'];
	$logo	= $_SESSION['bank_img'];

	if(mysql_query('INSERT INTO banks(name,account_id,account_name,branch,logo) VALUES("'.$name.'","'.$account_id.'","'.$account_name.'","'.$branch.'","'.$logo.'")')){
		unset($_SESSION['bank_img']);
		echo '{"status":1}';
	}else{
		echo '{"status":0}';
	}
	
}
if($_POST['update_cat_img']){
	$id		= $_POST['bid'];
	$name	= $_POST['name'];
	$branch	= $_POST['branch'];
	$account_name	= $_POST['account_name'];
	$account_id		= $_POST['account_id'];
	$logo	= $_SESSION['bank_img'];
	$sql = 'UPDATE banks SET name="'.$name.'",account_id="'.$account_id.'",account_name="'.$account_name.'",branch="'.$branch.'",logo="'.$logo.'" WHERE id='.$id;
	
	if(mysql_query($sql)){
		unset($_SESSION['bank_img']);
		echo '{"status":1}';
	}else{
		echo '{"status":0}';
	}
	
}
if($_POST['delcat']){
	$bank_id = $_POST['id'];
	$sql = 'SELECT logo FROM banks WHERE id ='.$bank_id;
	$q 	= mysql_query($sql)or die(mysql_error());
	$rs	= mysql_fetch_assoc($q);
	
	if(unlink('../styles/images/bank_images/'.$rs['logo']) && mysql_query('DELETE FROM banks WHERE id='.$bank_id)){
		echo '{"status":1}';
	}else{
		echo '{"status":0}';
	}
	
}


if(!empty($_POST['dblclick'])&& !isset($_GET['editsubcat'])){
	$price 		= $_POST['value'];
	$pos_name	= $_POST['dblclick'];
	if(mysql_query('UPDATE positions SET price='.$price.' WHERE position_name="'.$pos_name.'"')){
		echo $price;	
	}
}


if($_POST['add_new_cat']){
	$cat_name 	= $_POST['cat_name'];
	$cat_sort	= $_POST['cat_sort'];
	$cat_status	= $_POST['cat_status'];
	$cat_img	= $_POST['cat_img'];
	if($_POST['update']){
		$sql = 'UPDATE category SET cat_name="'.$cat_name.'",cat_img="'.$cat_img.'", cat_active='.$cat_status.' WHERE cat_img="'.$cat_img.'"';
	}else{
		$sql = 'INSERT INTO category(cat_name,cat_img,cat_active,cat_sort) VALUES("'.$cat_name.'","'.$cat_img.'","'.$cat_status.'","'.$cat_sort.'")';
	}
	if(mysql_query($sql)){
		unset($_SESSION['cat_img']);
		echo '{"status":1, "txt":"success"}';
	}else{
		echo '{"status":0, "txt":"fail"}';
	}

}

if($_POST['delcategory']){
	$cat_id = $_POST['id'];
	if(delCat($cat_id)){
		echo '{"status":1}';
	}else{
		echo '{"status":0}';
	}
}

if($_POST['add_new_sub']){
	$sub_name 	= $_POST['sub_name'];
	$sub_status	= $_POST['sub_status'];
	$cat_id	= $_POST['cat_id'];
	
	$sql = 'INSERT INTO subcat(cat_id, sub_name, sub_active) VALUES('.$cat_id.',"'.$sub_name.'","'.$sub_status.'")';

	if(mysql_query($sql)){
		echo '{"status":1, "txt":"success"}';
	}else{
		echo '{"status":0, "txt":"fail"}';
	}

}

if($_POST['delsubcat']){
	$id = $_POST['id'];
	if(mysql_query('DELETE FROM subcat WHERE sub_id='.$id)){
		echo '{"status":1}';
	}else{
		echo '{"status":0}';
	}
}

if(isset($_GET['editsubcat'])){
	$sub_name 	= $_POST['value'];
	$sub_id		= $_POST['dblclick'];
	if(mysql_query('UPDATE subcat SET sub_name="'.$sub_name.'" WHERE sub_id='.$sub_id)){
		echo $sub_name;	
	}
}

if($_POST['setting']){
	$admin_email 	= $_POST['admin_email'];
	$info_email		= $_POST['info_email'];
	$fb230			= $_POST['fb23'];
	$fb340			= $_POST['fb34'];
	$like			= $_POST['like'];
	$fb_share		= $_POST['fb_share'];
	$retweet		= $_POST['twt'];
	//echo "UPDATE setting SET admin_email='".$admin_email."', info_email='".$info_email."', f230='".$_POST['fb23']."', f340='".$_POST['fb34']."', like_button='".$like."' WHERE sid=1";
	if(mysql_query("UPDATE setting SET admin_email='".$admin_email."', info_email='".$info_email."', f230='".$_POST['fb23']."', f340='".$_POST['fb34']."', like_button='".$like."', fb_share='".$fb_share."', retweet='".$retweet."' WHERE sid=1")){
		echo '{"status":1}';
	}else{
		echo '{"status":0}';
	}

}

//==================== delCate function ========================
function delCat($cat_id=0){
	$del_sub_sql = 'DELETE FROM subcat WHERE cat_id='.$cat_id;
	if(mysql_query($del_sub_sql)){
		$img_sql = mysql_query('SELECT cat_img FROM category WHERE cat_id='.$cat_id);
		$img_rs = mysql_fetch_assoc($img_sql);
		
		if(!empty($img_rs['cat_img']) && unlink('../styles/images/category/'.$img_rs['cat_img'])){
			mysql_query('DELETE FROM category WHERE cat_id='.$cat_id);
			return 'true';
		}else{
			mysql_query('DELETE FROM category WHERE cat_id='.$cat_id);
			return 'false';
		}
	}else{
		return 'false';
	}	
}
?>